So, as far as I know, there is no malware that would run or infect Macs unless you install it by entering your login password. So why are people so worked up about malware on Macs? Just don't ever enter your password to install it, problem solved!
I own a mouse from a major mouse manufacturer and every month I get a notification that a new mouse driver has appeared and I should update it. To do that I have to enter my password. Should I trust it? It's not easy to decide. I can't see why Apple would design an OS that requires admin passwords to install something that should be utterly harmless to my computer, like a mouse driver.
I can't tell if you're asking for advice about whether you should trust?
Malware is a general term for "malicious software" and that software can take many forums. Viruses are just one, trojan horses are another. Then there are viruses that travel inside of trojan horses. Your mouse driver could be such a trojan horse for something malicious.
Why is a password needed? Because it's code that is loaded automatically by the system. You are not manually "booting" your mouse driver every time you start your computer. That code can have malicious aspects to it that give hackers remote access to your system. It may just be a mouse driver, but it could be harbouring something much worse.
As for trust, just make sure you're getting it from a trusted source.
So, as far as I know, there is no malware that would run or infect Macs unless you install it by entering your login password. So why are people so worked up about malware on Macs? Just don't ever enter your password to install it, problem solved!
I own a mouse from a major mouse manufacturer and every month I get a notification that a new mouse driver has appeared and I should update it. To do that I have to enter my password. Should I trust it? It's not easy to decide. I can't see why Apple would design an OS that requires admin passwords to install something that should be utterly harmless to my computer, like a mouse driver.
I can't tell if you're asking for advice about whether you should trust?
Malware is a general term for "malicious software" and that software can take many forums. Viruses are just one, trojan horses are another. Then there are viruses that travel inside of trojan horses. Your mouse driver could be such a trojan horse for something malicious.
Why is a password needed? Because it's code that is loaded automatically by the system. You are not manually "booting" your mouse driver every time you start your computer. That code can have malicious aspects to it that give hackers remote access to your system. It may just be a mouse driver, but it could be harbouring something much worse.
As for trust, just make sure you're getting it from a trusted source.
I guess my point was a little unobvious. Someone said above that "all you have to do is never enter your password" and I essentially responded "I have to enter my password over and over and over again, so not entering my password is an unworkable idea."
So you see, I was making an argument, but I made it in a way that wasn't obvious. I need to eschew obfuscation ubiquitously and then there won't be any problems. Yes, I just made up that phrase.
So essentially, Apple comes out with a new processor. A hacker re-compiles malware code to run natively and antivirus software doesn't detect it because it's essentially new code with a new signature and they haven't caught up yet. Since the M1 is a processor running a computer with MacOS, it's quite capable of running malware code and there's no evidence this code is any worse, more virulent or better and circumventing protections than any other malware, so is there really that much new here?
It is narrative stuff. Apple - especially Tim Cook era Apple - has made "privacy and security" the core identity of the brand over against Windows and Android. A narrative that was always problematic/lacking context. For example on macOS it was primarily a case of "security via obscurity." The Android stuff was mostly fearmongering based on bad comparisons to Windows 98/ME/XP where macOS = iOS and Android = Windows XP (when in reality the Windows and DOS kernels were developed prior to cybersecurity becoming a thing but Android was A. developed on a far more secure Linux kernel and B. have sandboxed apps which Microsoft didn't achieve until Windows 8 in 2012, and even then only the apps installed via the Windows Store that practically nobody uses are sandboxed).
So anything that runs counter to the narrative that Apple has spent years building and also gets circulated without question by most of its fans in the media (90% of what you read on media sites and blogs are written on MacBooks and iPad Pros) instead of being challenged is going to get noticed. Yes, we know that this is simply a generic ARM bug that hit the M1 Mac because it is an ARM CPU, and that the exploit is at the application level, not the hardware level (i.e. Meltdown/Spectre) or the OS level. But you can't expect the same people who didn't know - or care - that M1 versus Intel MacBook benchmarking was misleading because A. the Intel CPUs were as much as 2 years old and B. Apple chooses Intel CPUs based on "thin and light" design preferences rather than the performance ones that go into Wintel gaming laptops and ultrabooks to be willing or able to do this.
What makes you suggest that his involves a "ARM bug"? This malware is just an application that has been recompiled for a new architecture. It's not an ARM exploit.
-- OSX.Pirrit didn’t use any exploits to compromise a Mac. It infiltrated machines by using a simple social engineering trick to deceive people into providing their log-in credentials for a fake update, possibly for Flash.
And why are you conflating privacy and security? The former depends on that latter, but you can have great security practices and terrible privacy practices. For example, perhaps Facebook is the most secure application ever written, but the privacy policy is crap.
So, as far as I know, there is no malware that would run or infect Macs unless you install it by entering your login password. So why are people so worked up about malware on Macs? Just don't ever enter your password to install it, problem solved!
I own a mouse from a major mouse manufacturer and every month I get a notification that a new mouse driver has appeared and I should update it. To do that I have to enter my password. Should I trust it? It's not easy to decide. I can't see why Apple would design an OS that requires admin passwords to install something that should be utterly harmless to my computer, like a mouse driver.
You know the answer to your question. It’s because drivers aren’t generally loaded in user space. A mouse driver, just like printer drivers require an admin password so other users can use the mouse.
What people also don’t comment on is the proper restricted use of an admin account. Even Apple doesn’t force installations to set up admin account then create non-admin accounts for every user. This stops most malware from being installed.
In your attempt to be smug, you completely missed his point.
So, as far as I know, there is no malware that would run or infect Macs unless you install it by entering your login password. So why are people so worked up about malware on Macs? Just don't ever enter your password to install it, problem solved!
I own a mouse from a major mouse manufacturer and every month I get a notification that a new mouse driver has appeared and I should update it. To do that I have to enter my password. Should I trust it? It's not easy to decide. I can't see why Apple would design an OS that requires admin passwords to install something that should be utterly harmless to my computer, like a mouse driver.
You know the answer to your question. It’s because drivers aren’t generally loaded in user space. A mouse driver, just like printer drivers require an admin password so other users can use the mouse.
What people also don’t comment on is the proper restricted use of an admin account. Even Apple doesn’t force installations to set up admin account then create non-admin accounts for every user. This stops most malware from being installed.
In your attempt to be smug, you completely missed his point.
It's very rare for someone to come to my defense. Thanks. But I admit my point wasn't very clear. I'll try to do better. I've learned when you debate on forums you have to be extremely overt about your points.
So, as far as I know, there is no malware that would run or infect Macs unless you install it by entering your login password. So why are people so worked up about malware on Macs? Just don't ever enter your password to install it, problem solved!
I own a mouse from a major mouse manufacturer and every month I get a notification that a new mouse driver has appeared and I should update it. To do that I have to enter my password. Should I trust it? It's not easy to decide. I can't see why Apple would design an OS that requires admin passwords to install something that should be utterly harmless to my computer, like a mouse driver.
You know the answer to your question. It’s because drivers aren’t generally loaded in user space. A mouse driver, just like printer drivers require an admin password so other users can use the mouse.
What people also don’t comment on is the proper restricted use of an admin account. Even Apple doesn’t force installations to set up admin account then create non-admin accounts for every user. This stops most malware from being installed.
In your attempt to be smug, you completely missed his point.
It's very rare for someone to come to my defense. Thanks. But I admit my point wasn't very clear. I'll try to do better. I've learned when you debate on forums you have to be extremely overt about your points.
Or people can give each other a bit of benefit of the doubt, especially if there's doubt.
Comments
I can't tell if you're asking for advice about whether you should trust?
Malware is a general term for "malicious software" and that software can take many forums. Viruses are just one, trojan horses are another. Then there are viruses that travel inside of trojan horses. Your mouse driver could be such a trojan horse for something malicious.
Why is a password needed? Because it's code that is loaded automatically by the system. You are not manually "booting" your mouse driver every time you start your computer. That code can have malicious aspects to it that give hackers remote access to your system. It may just be a mouse driver, but it could be harbouring something much worse.
As for trust, just make sure you're getting it from a trusted source.
So you see, I was making an argument, but I made it in a way that wasn't obvious. I need to eschew obfuscation ubiquitously and then there won't be any problems. Yes, I just made up that phrase.
https://www.cybereason.com/blog/mac-os-x-pirrit-adware
And why are you conflating privacy and security? The former depends on that latter, but you can have great security practices and terrible privacy practices. For example, perhaps Facebook is the most secure application ever written, but the privacy policy is crap.